It's very evident that cyber-attacks are not only costly in terms of time and money but also bring extensive legal liability with them. According to Juniper Research's prediction, the cost of a data breach could cross $150 million by 2020.
With the rising cost of data breaches and cyber-attacks, cybersecurity has become a board room conversation on an unprecedented scale. In this ever-connected online world, web application security is the cornerstone of the overall cybersecurity of any company.
When it comes to application security, web application firewall (WAF) based protection has been the first line of defense against web attacks for a while now.
A web application firewall is deployed in front of web applications that aim to intercept the traffic to and from the web servers with the intent of identifying malicious requests and blocking them.
WAF is not a new technology and has been around for a while now, where many organizations have some form of WAF deployed. But unfortunately, the efficacy of WAF remains to be a question. The ever-increasing cost of a data breach, as well as the number of successful web attacks, suggest that WAF, in its traditional form, has not been doing an effective job.
A recent independent study by Ponemon institute further strengthens this claim.
- 65% of the organizations surveyed have said that they are not sure about the effectiveness of WAF,
- 43% of them use WAF only in log/monitoring mode,
- 86% of them have experienced an application layer attack that has bypassed WAF.
In contrast:
- The annual spent on WAF has been increasing year by year,
- In total, organizations spend 620K/year on average,
- 420K on WAF products and 200 K annually on staff who spend 45 hrs a week fine-tuning the rules and managing WAF.
It's clear the traditional form of WAF is not working, and that's because:
- Static WAF rules in traditional WAF do not provide visibility to application vulnerabilities, nor do they provide complete protection when it comes to the everchanging threat landscape.
- Applications are continually changing, and it is hard for WAF to be deployed in block mode, as it requires constant monitoring and fine-tuning of rules.
- Management of WAF requires expertise, and not all organizations have the requisite skill set for proper deployments.
- Traditional WAFs are deployed in on-premise (customers infrastructure), which means it becomes customers' job to manage the infra. This leads to additional CAPEX and OPEX.
- With sophisticated attacks, especially in the case of DDOS attacks, it becomes near impossible for On-premise deployments to scale to thwart such attacks.
- With the complex heterogeneous environment in an organization with different deployment models as well as languages and architectures used, it becomes nearly impossible to have an inbuilt team that could fine-tune WAFs to protect such a diverse environment.
Hence, there is a need for a better form of defense:
- That can scale with your business, leveraging the power and scalability of cloud networks.
- Dynamically change the protection profile to adapt to everchanging application and threat landscape.
- That does not require to build an army of resources inhouse who have security expertise.
- Have significantly lower CAPEX and OPEX.
Introducing AppTrana - Indusface's Cloud Web Application Firewall
AppTrana is a revolutionary managed solution from Indusface that takes a more comprehensive approach when it comes to application security.
Unlike traditional vendors, AppTrana does not give default rules and ask customer to manage them, instead, it starts with understanding the risk profile of application through its detection module which scans the application for vulnerabilities, based on the detection, rules are written and tweaked to meet the application need ensuring there are no FPs with very little FNs.
Being a wholly managed WAF, the rules are tweaked by AppTrana's security experts who have years of experience handling WAF security for thousands of sites, so they know what they are doing.
And it does not stop there, the team of experts continuously monitors the security space and keep the rules updated, ensuring all zero-day vulnerabilities are immediately protected. Not only that, in case of FPs due to any new changes in the application, the team would immediately tweak the rules to ensure the issue is immediately resolved without the need for opening up WAF and moving the rules to log mode.
95% of sites start in block mode behind AppTrana from day zero, and all applications move to block mode within 14 days.
Built bottom-up taking advantage of the infinitely scalable cloud infrastructure, AppTrana is built to scale seamlessly to business needs without needing to pre-provision extra infrastructure.
This also means AppTrana can scale effectively to thwart massive DDOS attacks. Not only that being a managed WAF solution, Indusface's security regularly ensures the rules are up-to-date, providing WAF is effective against the everchanging the threat landscape.
To conclude, Managed Cloud WAF, like AppTrana, is the perfect solution to the problem that traditional WAF deployments face.
With AppTrana customers:
- Need not worry about scaling their WAF with their Business. Leveraging the power & scalability of cloud networks, Cloud WAF's scale infinitely any amount of traffic.
- Reduce the risk of downtime, data loss with a WAF that can scale to protect against the largest DoS and DDoS attacks.
- Have no upfront CAPEX to build a huge infra to handle spikes of traffic. The entire WAF infrastructure is handled by the Cloud WAF players.
- Can deploy lot quicker, with onboarding happening in minutes without requirement of any downtime.
- Defend against new and emerging threats with a completely managed rule set that is kept up to date, which means customers need not invest in huge OPEX and build an in-house security team.
